{"id":2200,"date":"2022-07-27T08:55:16","date_gmt":"2022-07-27T15:55:16","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=2200"},"modified":"2023-09-27T06:07:43","modified_gmt":"2023-09-27T13:07:43","slug":"hackers-have-stolen-more-than-2-billion-from-web3-projects-this-year","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/hackers-have-stolen-more-than-2-billion-from-web3-projects-this-year\/","title":{"rendered":"Hackers have stolen more than $2 billion from Web3 projects this&nbsp;year"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Hackers-have-stolen.png\" alt=\"\" class=\"wp-image-2026\"\/><\/figure>\n\n\n\n<p>In quarters 1 and 2 of 2022, Web3 projects have lost over $2 billion to hacks and exploits. This sum is far more than what was stolen over 2021. 214% more, to be exact. According to a quarterly report <a href=\"https:\/\/4972390.fs1.hubspotusercontent-na1.net\/hubfs\/4972390\/Marketing\/Web3%20Security%20Q2-2022-v4.pdf\">from blockchain security company CertiK<\/a>, one of the key reasons for these astronomical figures is the recent uptick in flash loan attacks.<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p><a href=\"https:\/\/www.ssls.com\/blog\/what-is-web3-and-how-does-it-work\/\">Learn more about Web3<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What are flash loan attacks?<\/h2>\n\n\n\n<p>A flash loan is a type of loan currently gaining popularity in decentralized finance that does not require collateral. Users can borrow large amounts of money for the purposes of completing a certain type of transaction, but the money must be paid back in full before the transaction ends. One common purpose of a flash loan is arbitrage, which is when traders buy and sell a particular type of cryptocurrency simultaneously in alternate markets where the value is different in order to make a profit. If the borrower does not pay back the loan within the blockchain transaction, the transaction is supposed to fail.&nbsp;<br><\/p>\n\n\n\n<p>Hackers are exploiting this new Web3 finance trend in several ways, including manipulating the value of exchange tokens and governance attacks. Governance attacks involve manipulating blockchain projects that use decentralized governance structures by gaining enough voting rights to change the rules and immediately send themselves all the funds on the blockchain. <a href=\"https:\/\/www.theverge.com\/2022\/4\/22\/23037325\/beanstalk-dismissed-governance-attacks-lost-182-million\">On The Verge<\/a>, you can read about how this happened to decentralized finance project Beanstalk Farms, ultimately costing it over $182 million.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The impact of phishing and social media<\/h2>\n\n\n\n<p>While flash loans are a relatively new threat type, hackers also rely on more classic forms of cyber attack to steal money from Web3 projects. CertiK found that the current reliance on social media is Web3\u2019s \u201cachilles heel\u201d. The vast majority of phishing attacks occur on Discord servers, which is a popular social media option among NFT projects. One of the critical risks of Discord is that it doesn\u2019t support account verification. So hackers frequently clone accounts and exploit users with fake giveaways and \u201ctoo good to<\/p>\n\n\n\n<p>pass up\u201d token offers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>As a technology and financial system still finding its feet, blockchain <a href=\"https:\/\/www.ssls.com\/blog\/ransomware-targeted-26-of-uk-smbs-in-2022\/\">security<\/a> will likely remain unstable for the foreseeable future. CertiK found that there has at least been a decline in the number of rug pull scams\u00a0 \u2014 when a cryptocurrency developer invites new investors to a project and pulls out before it\u2019s complete \u2014 as compared to last year, so it\u2019s not all bad news. Still, if you engage with Web3 projects, it\u2019s essential to exercise caution and ensure all your transactions and dealings are <a href=\"https:\/\/www.ssls.com\/\">secure as can be<\/a>. <br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In quarters 1 and 2 of 2022, Web3 projects have lost over $2 billion to hacks and exploits. This sum is far more than what was stolen over 2021. 214% more, to be exact. According to a quarterly report from blockchain security company CertiK, one of the key reasons for these astronomical figures is the [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2200","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=2200"}],"version-history":[{"count":2,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2200\/revisions"}],"predecessor-version":[{"id":2614,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/2200\/revisions\/2614"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=2200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=2200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=2200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}